iSpy: How the CIA Targeted Apple

Researchers working with the CIA have conducted a multi-year, sustained effort to break the security of Apple’s iPhones and iPads. (Image: The Intercept)

New reporting by The Intercept published Tuesday reveals a years-long effort by the Central Intelligence Agency, alongside partners both inside and outside of government, to crack the digital security systems of the Apple's signature iPhone and iPad products.

Citing top-secret documents leaked to journalists by Edward Snowden, the latest reporting by Jeremy Scahill and Josh Begley reveals the determination of researchers working for the U.S. spy agency to break through Apple's encryption system for its widely used portable devices, both of which operate on the company's iOS operating platform.

The security researchers presented their latest tactics and achievements at a secret annual gathering, called the “Jamboree,” where attendees discussed strategies for exploiting security flaws in household and commercial electronics. The conferences have spanned nearly a decade, with the first CIA-sponsored meeting taking place a year before the first iPhone was released.

By targeting essential security keys used to encrypt data stored on Apple’s devices, the researchers have sought to thwart the company’s attempts to provide mobile security to hundreds of millions of Apple customers across the globe. Studying both "physical" and "non-invasive" techniques, U.S. government-sponsored research has been aimed at discovering ways to decrypt and ultimately penetrate Apple's encrypted firmware. This could enable spies to plant malicious code on Apple devices and seek out potential vulnerabilities in other parts of the iPhone and iPad currently masked by encryption.

In addition, the report makes reference to attempts by CIA operatives to create a "modified version" of Apple's proprietary app development software, called Xcode, upon which outside app developers can create new tools for both iPhone and iPad. The reporting says it remains unclear how unwitting developers might be tricked into using the altered version—one researcher quoted in the document described this process as "whacking" the code—but according to the documents, if installed, a backdoor service in the code would "force all iOS applications to send embedded data to a listening post."

In addition, the CIA researchers claimed the software, could perform these functions as well:

"Entice" all Mac applications to create a "remote backdoor" allowing undetected access to an Apple computer.

Scahill and Begley point out that Apple is among the tech companies that has most consistently and publicly resisted the government's efforts to exploit the encryption of private computer systems and personal devices.

"Perhaps more than any other corporate leader," they write, "Apple's CEO, Tim Cook, has taken a stand for privacy as a core value, while sharply criticizing the actions of U.S. law enforcement and intelligence agencies."

The new reporting also makes clear that private defense contractors are playing an outsized role in providing research and other assistance to government agencies in developing and executing these clandestine programs. For this program aimed at Apple's encryption, weapons and aerospace giant Lockheed Martin is singled out as a significant player, which owns the Sandia Lab that hosted the Apple hacking "jamboree" and whose researchers apparently contributed to the program.

"Lockheed Martin's role in these activities should not be surprising given its leading role in the national surveillance state," William Hartung, director of the Arms and Security Project at the Center for International Policy and author of Prophets of War, told The Intercept. "It is the largest private intelligence contractor in the world, and it has worked on past surveillance programs for the Pentagon, the CIA and the NSA. If you’re looking for a candidate for Big Brother, Lockheed Martin fits the bill."

Though Scahill and Begley acknowledge the documents "do not address how successful the targeting of Apple's encryption mechanisms have been nor do they provide any detail about the specific use of such exploits," the existence of these efforts, they argue, does reveal the "ongoing campaign aimed at defeating the tech giant's efforts to secure its products, and in turn, its customers' private data."

Read the full article here. And the documents themselves can be viewed here.

This work is licensed under a Creative Commons Attribution-Share Alike 3.0 License

This is the world we live in. This is the world we cover.

Because of people like you, another world is possible. There are many battles to be won, but we will battle them together—all of us. Common Dreams is not your normal news site. We don't survive on clicks. We don't want advertising dollars. We want the world to be a better place. But we can't do it alone. It doesn't work that way. We need you. If you can help today—because every gift of every size matters—please do. Without Your Support We Simply Don't Exist.

Further

Last week, the "world's most moral army" bombed and leveled Gaza's much-loved al-Meshal Theater and Cultural Center, rare home to hundreds of artists, dancers and writers and vital symbol of Palestinian identity, to "make residents feel the price of escalation." The next day, the Palestinian band al-Anqaa (or Phoenix) returned in defiance to play for their beleaguered neighbors, because "art is, too, a form of resistance."

Common Dreams brings you the news that matters.

Sign up for Newsletter

Connect With Us

Support Our Spring Fundraising Drive

Can We Count on Your Help Today?

Common Dreams is a small nonprofit with a big mission. Every day of the week, we publish the most important breaking news & views for the progressive community. To remain an independent news source, we do not advertise, sell subscriptions or accept corporate contributions. Instead, we rely on readers like you, to provide the "people power" that fuels our work. Please help keep Common Dreams alive by making a contribution to our fundraising drive. Thank you. - Craig Brown, Co-founder